<!DOCTYPE html>
<html lang="en-us">
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    
<meta charset="UTF-8">
<title>Slack Action | Elasticsearch Guide [7.7] | Elastic</title>
<link rel="home" href="index.html" title="Elasticsearch Guide [7.7]">
<link rel="up" href="actions.html" title="Actions">
<link rel="prev" href="actions-logging.html" title="Logging Action">
<link rel="next" href="actions-pagerduty.html" title="PagerDuty action">
<meta name="DC.type" content="Learn/Docs/Elasticsearch/Reference/7.7">
<meta name="DC.subject" content="Elasticsearch">
<meta name="DC.identifier" content="7.7">
<meta name="robots" content="noindex,nofollow">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://cdn.optimizely.com/js/18132920325.js"></script>
    <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">
    <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">
    <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">
    <link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png">
    <link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png">
    <link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png">
    <link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png">
    <link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32">
    <link rel="icon" type="image/png" href="/android-chrome-192x192.png" sizes="192x192">
    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96">
    <link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16">
    <link rel="manifest" href="/manifest.json">
    <meta name="apple-mobile-web-app-title" content="Elastic">
    <meta name="application-name" content="Elastic">
    <meta name="msapplication-TileColor" content="#ffffff">
    <meta name="msapplication-TileImage" content="/mstile-144x144.png">
    <meta name="theme-color" content="#ffffff">
    <meta name="naver-site-verification" content="936882c1853b701b3cef3721758d80535413dbfd">
    <meta name="yandex-verification" content="d8a47e95d0972434">
    <meta name="localized" content="true">
    <meta name="st:robots" content="follow,index">
    <meta property="og:image" content="https://www.elastic.co/static/images/elastic-logo-200.png">
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
    <link rel="icon" href="/favicon.ico" type="image/x-icon">
    <link rel="apple-touch-icon-precomposed" sizes="64x64" href="/favicon_64x64_16bit.png">
    <link rel="apple-touch-icon-precomposed" sizes="32x32" href="/favicon_32x32.png">
    <link rel="apple-touch-icon-precomposed" sizes="16x16" href="/favicon_16x16.png">
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <link rel="stylesheet" type="text/css" href="/guide/static/styles.css">
  </head>

  <!--© 2015-2021 Elasticsearch B.V. Copying, publishing and/or distributing without written permission is strictly prohibited.-->

  <body>
    <!-- Google Tag Manager -->
    <script>dataLayer = [];</script><noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-58RLH5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-58RLH5');</script>
    <!-- End Google Tag Manager -->

    <!-- Global site tag (gtag.js) - Google Analytics -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-12395217-16"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());
      gtag('config', 'UA-12395217-16');
    </script>

    <!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->
    <script type="text/javascript">
      (function(){var g=function(e,h,f,g){
      this.get=function(a){for(var a=a+"=",c=document.cookie.split(";"),b=0,e=c.length;b<e;b++){for(var d=c[b];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};
      this.set=function(a,c){var b="",b=new Date;b.setTime(b.getTime()+6048E5);b="; expires="+b.toGMTString();document.cookie=a+"="+c+b+"; path=/; "};
      this.check=function(){var a=this.get(f);if(a)a=a.split(":");else if(100!=e)"v"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(":"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case "v":return!1;case "r":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(":")),!c}return!0};
      this.go=function(){if(this.check()){var a=document.createElement("script");a.type="text/javascript";a.src=g;document.body&&document.body.appendChild(a)}};
      this.start=function(){var a=this;window.addEventListener?window.addEventListener("load",function(){a.go()},!1):window.attachEvent&&window.attachEvent("onload",function(){a.go()})}};
      try{(new g(100,"r","QSI_S_ZN_emkP0oSe9Qrn7kF","https://znemkp0ose9qrn7kf-elastic.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_emkP0oSe9Qrn7kF")).start()}catch(i){}})();
    </script><div id="ZN_emkP0oSe9Qrn7kF"><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>
    <!--END WEBSITE FEEDBACK SNIPPET-->

    <div id="elastic-nav" style="display:none;"></div>
    <script src="https://www.elastic.co/elastic-nav.js"></script>

    <!-- Subnav -->
    <div>
      <div>
        <div class="tertiary-nav d-none d-md-block">
          <div class="container">
            <div class="p-t-b-15 d-flex justify-content-between nav-container">
              <div class="breadcrum-wrapper"><span><a href="/guide/" style="font-size: 14px; font-weight: 600; color: #000;">Docs</a></span></div>
            </div>
          </div>
        </div>
      </div>
    </div>

    <div class="main-container">
      <section id="content">
        <div class="content-wrapper">

          <section id="guide" lang="en">
            <div class="container">
              <div class="row">
                <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                  <!-- start body -->
                  <div class="page_header">
<strong>IMPORTANT</strong>: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
<a href="../current/index.html">current release documentation</a>.
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="xpack-alerting.html">Alerting on cluster and index events</a></span>
»
<span class="breadcrumb-link"><a href="actions.html">Actions</a></span>
»
<span class="breadcrumb-node">Slack Action</span>
</div>
<div class="navheader">
<span class="prev">
<a href="actions-logging.html">« Logging Action</a>
</span>
<span class="next">
<a href="actions-pagerduty.html">PagerDuty action »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="actions-slack"></a>Slack Action<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/actions/slack.asciidoc">edit</a><a class="xpack_tag" href="/subscriptions"></a>
</h2>
</div></div></div>
<p>Use the <code class="literal">slack</code> action to send messages to a <a href="https://slack.com/" class="ulink" target="_top">Slack</a>
team’s channels or users. To send Slack messages, you need to
<a class="xref" href="actions-slack.html#configuring-slack" title="Configuring Slack Accounts">configure at least one Slack account</a> in
<code class="literal">elasticsearch.yml</code>.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="configuring-slack-actions"></a>Configuring Slack actions<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/actions/slack.asciidoc">edit</a>
</h3>
</div></div></div>
<p>You configure Slack actions in the <code class="literal">actions</code> array. Action-specific attributes
are specified using the <code class="literal">slack</code> keyword.</p>
<p>The following snippet shows a simple slack action definition:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">"actions" : {
  "notify-slack" : {
    "transform" : { ... },
    "throttle_period" : "5m",
    "slack" : {
      "message" : {
        "to" : [ "#admins", "@chief-admin" ], <a id="CO528-1"></a><i class="conum" data-value="1"></i>
        "text" : "Encountered  {{ctx.payload.hits.total.value}} errors in the last 5 minutes (facepalm)" <a id="CO528-2"></a><i class="conum" data-value="2"></i>
      }
    }
  }
}</pre>
</div>
<div class="calloutlist">
<table border="0" summary="Callout list">
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO528-1"><i class="conum" data-value="1"></i></a></p>
</td>
<td align="left" valign="top">
<p>The channels and users you want to send the message to.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO528-2"><i class="conum" data-value="2"></i></a></p>
</td>
<td align="left" valign="top">
<p>The content of the message.</p>
</td>
</tr>
</table>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="formatting-slack-messages"></a>Using attachments to format Slack messages<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/actions/slack.asciidoc">edit</a>
</h3>
</div></div></div>
<p>In addition to sending simple text-based messages, you can use the Slack
<a href="https://api.slack.com/docs/attachments" class="ulink" target="_top">attachment</a> mechanism to send formatted
messages. Watcher leverages Slack attachments to enable you to dynamically
populate templated messages from the execution context payload.</p>
<p>The following snippet shows a standard message attachment:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">"actions" : {
  "notify-slack" : {
    "throttle_period" : "5m",
    "slack" : {
      "account" : "team1",
      "message" : {
        "from" : "watcher",
        "to" : [ "#admins", "@chief-admin" ],
        "text" : "System X Monitoring",
        "attachments" : [
          {
            "title" : "Errors Found",
            "text" : "Encountered  {{ctx.payload.hits.total.value}} errors in the last 5 minutes (facepalm)",
            "color" : "danger"
          }
        ]
      }
    }
  }
}</pre>
</div>
<p><a id="slack-dynamic-attachment"></a>To define an attachment template that is dynamically populated from the payload,
you specify <code class="literal">dynamic_attachments</code> in the watch action. For example, a dynamic
attachment could reference histogram buckets in the payload and build an
attachment per bucket.</p>
<p>In the following example, the watch input executes a search with a date histogram
aggregation and the Slack action:</p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
Transforms the payload to a list where each item in the list holds the month,
the user count for that month, and the color that represents the sentiment
associated with that count (danger or bad).
</li>
<li class="listitem">
Defines an attachment template that references items in the list generated by
the transform.
</li>
</ol>
</div>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">"input" : {
  "search" : {
    "request" : {
      "body" : {
        "aggs" : {
          "users_per_month" : {
            "date_histogram" : {
              "field" : "@timestamp",
              "interval" : "month"
            }
          }
        }
      }
    }
  }
},
...
"actions" : {
  "notify-slack" : {
    "throttle_period" : "5m",
    "transform" : {
      "script" : {
        "source" : "['items': ctx.payload.aggregations.users_per_month.buckets.collect(bucket -&gt; ['count': bucket.doc_count, 'name': bucket.key_as_string, 'color': bucket.doc_count &lt; 100 ? 'danger' : 'good'])]",
        "lang" : "painless"
      }
    },
    "slack" : {
      "account" : "team1",
      "message" : {
        "from" : "watcher",
        "to" : [ "#admins", "@chief-admin" ],
        "text" : "System X Monitoring",
        "dynamic_attachments" : {
          "list_path" : "ctx.payload.items" <a id="CO529-1"></a><i class="conum" data-value="1"></i>
          "attachment_template" : {
            "title" : "{{month}}", <a id="CO529-2"></a><i class="conum" data-value="2"></i>
            "text" : "Users Count: {{count}}",
            "color" : "{{color}}"
          }
        }
      }
    }
  }
}</pre>
</div>
<div class="calloutlist">
<table border="0" summary="Callout list">
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO529-1"><i class="conum" data-value="1"></i></a></p>
</td>
<td align="left" valign="top">
<p>The list generated by the action’s transform.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO529-2"><i class="conum" data-value="2"></i></a></p>
</td>
<td align="left" valign="top">
<p>The parameter placeholders refer to attributes in each item of the list
generated by the transform.</p>
</td>
</tr>
</table>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="slack-action-attributes"></a>Slack action attributes<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/actions/slack.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="informaltable">
<table border="1" cellpadding="4px">
<colgroup>
<col class="col_1">
<col class="col_2">
<col class="col_3">
</colgroup>
<thead>
<tr>
<th align="left" valign="top">Name</th>
<th align="center" valign="top">Required</th>
<th align="left" valign="top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left" valign="top"><p><code class="literal">message.from</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>The sender name to display in the  Slack message.
                                    Overrides the incoming webhook’s configured name.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">message.to</code></p></td>
<td align="center" valign="top"><p>yes</p></td>
<td align="left" valign="top"><p>The channels and users you want to send the message
                                    to. Channel names must start with <code class="literal">#</code> and user names
                                    must start with <code class="literal">@</code>. Accepts a string value or an
                                    array of string values.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">message.icon</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>The icon to display in the Slack messages. Overrides
                                    the incoming webhook’s configured icon. Accepts a
                                    public URL to an image.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">message.text</code></p></td>
<td align="center" valign="top"><p>yes</p></td>
<td align="left" valign="top"><p>The message content.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">message.attachments</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>Slack message attachments. Message attachments enable
                                    you to create more richly-formatted messages. Specified
                                    array as defined in the
                                    <a href="https://api.slack.com/docs/attachments" class="ulink" target="_top">Slack attachments documentation</a>.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">message.dynamic_attachments</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>Slack message attachments that can be populated
                                    dynamically based on the current watch payload. For
                                    more information, see
                                    <a class="xref" href="actions-slack.html#slack-dynamic-attachment">Using attachments to format Slack messages</a>.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">proxy.host</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>The proxy host to use (only in combination with <code class="literal">proxy.port</code>)</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">proxy.port</code></p></td>
<td align="center" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>The proxy port to use (only in combination with <code class="literal">proxy.host</code>)</p></td>
</tr>
</tbody>
</table>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="configuring-slack"></a>Configuring Slack Accounts<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/watcher/actions/slack.asciidoc">edit</a>
</h3>
</div></div></div>
<p>You configure the accounts Watcher can use to communicate with Slack in the
<code class="literal">xpack.notification.slack</code> namespace in <code class="literal">elasticsearch.yml</code>.</p>
<p>You need a <a href="https://api.slack.com/incoming-webhooks" class="ulink" target="_top">Slack webhook URL</a> to
configure a Slack account. To create a webhook
URL, set up an an <em>Incoming Webhook Integration</em> through the Slack console:</p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
Log in to <a href="http://slack.com" class="ulink" target="_top">slack.com</a> as a team administrator.
</li>
<li class="listitem">
Go to <a href="https://my.slack.com/services/new/incoming-webhook" class="ulink" target="_top">https://my.slack.com/services/new/incoming-webhook</a>.
</li>
<li class="listitem">
<p>Select a default channel for the integration.</p>
<div class="imageblock">
<div class="content">
<img src="images/slack-add-webhook-integration.jpg" alt="slack add webhook integration">
</div>
</div>
</li>
<li class="listitem">
Click <span class="strong strong"><strong>Add Incoming Webhook Integration</strong></span>.
</li>
<li class="listitem">
<p>Copy the generated webhook URL so you can paste it into your Slack account
configuration in <code class="literal">elasticsearch.yml</code>.</p>
<div class="imageblock">
<div class="content">
<img src="images/slack-copy-webhook-url.jpg" alt="slack copy webhook url">
</div>
</div>
</li>
</ol>
</div>
<p>To configure a Slack account, at a minimum you need to specify the account
name and webhook URL in the Elasticsearch keystore (see <a href="/guide/en/elasticsearch/reference/7.7/secure-settings.html" class="ulink" target="_top">secure settings</a>):</p>
<div class="pre_wrapper lang-shell">
<pre class="programlisting prettyprint lang-shell">bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url</pre>
</div>
<div class="warning admon">
<div class="icon"></div>
<div class="admon_content">
<p>You can no longer configure Slack accounts using <code class="literal">elasticsearch.yml</code> settings.
Please use Elasticsearch’s secure <a class="xref" href="secure-settings.html" title="Secure settings">keystore</a> method instead.</p>
</div>
</div>
<p>You can specify defaults for the
<a class="xref" href="notification-settings.html#slack-account-attributes">Slack notification attributes</a>:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.notification.slack:
  account:
    monitoring:
      message_defaults:
        from: x-pack
        to: notifications
        icon: http://example.com/images/watcher-icon.jpg
        attachment:
          fallback: "X-Pack Notification"
          color: "#36a64f"
          title: "X-Pack Notification"
          title_link: "https://www.elastic.co/guide/en/x-pack/current/index.html"
          text: "One of your watches generated this notification."
          mrkdwn_in: "pretext, text"</pre>
</div>
<p>If you configure multiple Slack accounts, you either need to configure a default
account or specify which account the notification should be sent with in the
<a class="xref" href="actions-slack.html" title="Slack Action"><code class="literal">slack</code></a> action.</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.notification.slack:
  default_account: team1
  account:
    team1:
      ...
    team2:
      ...</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="actions-logging.html">« Logging Action</a>
</span>
<span class="next">
<a href="actions-pagerduty.html">PagerDuty action »</a>
</span>
</div>
</div>

                  <!-- end body -->
                </div>
                <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                  <div id="rtpcontainer" style="display: block;">
                    <div class="mktg-promo">
                      <h3>Most Popular</h3>
                      <ul class="icons">
                        <li class="icon-elasticsearch-white"><a href="https://www.elastic.co/webinars/getting-started-elasticsearch?baymax=default&amp;elektra=docs&amp;storm=top-video">Get Started with Elasticsearch: Video</a></li>
                        <li class="icon-kibana-white"><a href="https://www.elastic.co/webinars/getting-started-kibana?baymax=default&amp;elektra=docs&amp;storm=top-video">Intro to Kibana: Video</a></li>
                        <li class="icon-logstash-white"><a href="https://www.elastic.co/webinars/introduction-elk-stack?baymax=default&amp;elektra=docs&amp;storm=top-video">ELK for Logs &amp; Metrics: Video</a></li>
                      </ul>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </section>

        </div>


<div id="elastic-footer"></div>
<script src="https://www.elastic.co/elastic-footer.js"></script>
<!-- Footer Section end-->

      </section>
    </div>

<script src="/guide/static/jquery.js"></script>
<script type="text/javascript" src="/guide/static/docs.js"></script>
<script type="text/javascript">
  window.initial_state = {}</script>
  </body>
</html>
